Invisible Island

invisible-island

10 CVEs • 5 products

Products (5)

Click to collapse

Toggle

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-20229 1Invisible Island 1Mawk Apr 2, 2026 Mar 28, 2026 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious...Show more MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programming chain to spawn a shell with application privileges.Show less
CVE-2025-69720 1Invisible Island 1Ncurses Jun 2, 2026 Mar 19, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.
CVE-2023-50495 1Invisible Island 1Ncurse Nov 4, 2025 Dec 12, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().
CVE-2023-40359 1Invisible Island 1Xterm Nov 21, 2024 Aug 14, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installat...Show more xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature.Show less
CVE-2022-45063 2Fedoraproject Invisible Island 2Fedora Xterm Apr 8, 2026 Nov 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the...Show more xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.Show less
CVE-2022-24130 3Debian FedoraprojectInvisible Island 3Debian Linux FedoraXterm Nov 21, 2024 Jan 31, 2022 N/A· v4 5.5 MEDIUM· v3 2.6 LOW· v2 xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text.
CVE-2021-27135 3Debian FedoraprojectInvisible Island 3Debian Linux FedoraXterm Nov 21, 2024 Feb 10, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.
CVE-2008-2383 1Invisible Island 1Xterm Apr 23, 2026 Jan 2, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequ...Show more CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.Show less
CVE-2006-7236 1Invisible Island 1Xterm Apr 23, 2026 Jan 2, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via esca...Show more The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.Show less
CVE-2005-3120 2Debian Invisible Island 2Debian Linux Lynx Apr 16, 2026 Oct 17, 2005 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escap...Show more Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.Show less